C Exploits
3,632 exploits tracked across all sources.
Linux kernel <2.4,2.2 - Info Disclosure
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
by Chris Evans
OpenSSH - Remote Code Execution via CRC-32 Compensation Attack
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
by Michal Zalewski
XMail < 0.66 - Buffer Overflow via CTRLServer cfgfileget or domaindel Functions
Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions.
by isno
Solaris 7 and 8 - Local Privilege Escalation via ximp40 Library Buffer Overflow
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
by UNYUN
HP Tru64 UNIX <5.1a-4.0f - Buffer Overflow
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
by K2
SCO mscreen - Buffer Overflow via Long TERM Entry in .mscreenrc File
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
by K2
vim - Unauthenticated Arbitrary File Modification via Symlink Attack on Backup and Swap Files
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
by zen-parse
splitvt < 1.6.5 - Local Buffer Overflow
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
by Michel Kaempf
Solaris 2.6-7 - Buffer Overflow
Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
by Pablo Sor
Windows NT 4.0 - Denial of Service via Winsock2ProtocolCatalogMutex Permission Modification
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
by Arne Vidstrom
CVSS 7.1
Websweeper 4.0 - Denial of Service via Large HTTP Referrer Header
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
by honoriak
icecast < 1.3.8_beta2 - Remote Code Execution via Format String in print_client
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
by CyRaX
eEye Iris 1.01 beta - Denial of Service via Malformed Packet
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
by grazer
MySQL <3.23.31 - DoS/Privilege Escalation
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
by Luis Miguel Silva
Tinyproxy < 1.3.2 - Buffer Overflow via Long Connect Request
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
by CyRaX
micq < 0.4.6 - Buffer Overflow via Long Description Field
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.
by tHE rECIdjVO
ssh <1.2.27-1.2.30 - Info Disclosure
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
by Richard Silverman
splitvt - Remote Code Execution via Format String in -rcfile Argument
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
by Michel Kaempf
Solaris 7 and earlier - Local Buffer Overflow via Long -f Parameter
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
by ahmed
APC UPS daemon - Local Privilege Escalation
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
by the itch
HP-UX 11.0 - Buffer Overflow via cu Program -l Argument
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
by zorgon
BSD libutil - Privilege Escalation
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
by caddis
By Source